This is a logstash 6.6 pipeline config for anyone looking to execute ansible playbooks inside a docker container. This config will aggregate the lines of the playbook into a single document in human readable format and output to the message field. The key/value config will also log how many OK, CHANGED, and FAILURES occured.

gistfile1.txt

  if "YOUR_ANSIBLE_IMAGE" in [image_name] {
    if "PLAY [" in [message] {
      mutate {
          add_tag => ["PLAY_START"]
      }

      aggregate {
        task_id => "%{container_id}"
        code => "map['ansibleLog'] = event.get('message')"
        map_action => "create"
      }
      drop {}
    }

    else if "TASK [" in [message] {
      mutate {
          add_tag => ["TASK"]
      }

      aggregate {
        task_id => "%{container_id}"
        code => "
          event.set('current_log', map['ansibleLog'])
          map['ansibleLog'] = [event.get('current_log').to_s, event.get('message').to_s].join('
')
        "
        map_action => "update"
      }
      drop {}
    }

    else if "skipping" in [message] {
      drop {}
    }

    else if "localhost                  : ok=" in [message] {
      mutate {
          add_tag => ["PLAY_END"]
      }

      aggregate {
        task_id => "%{container_id}"
        code => "
          event.set('current_log', map['ansibleLog'])
          map['ansibleLog'] = [event.get('current_log').to_s, event.get('message').to_s].join('
')
          event.set('message', map['ansibleLog'])
          event.set('current_log', '')
        "
        map_action => "update"
        end_of_task => true
        timeout => 120
      }
    }

    else {
      mutate {
          add_tag => ["TASK_OUTPUT"]
      }

      aggregate {
        task_id => "%{container_id}"
        code => "
          event.set('current_log', map['ansibleLog'])
          map['ansibleLog'] = [event.get('current_log').to_s, event.get('message').to_s].join('
')
        "
        map_action => "update"
      }
      drop {}
    }

  }
  
  kv {
    prefix => "ansible_"
  }